From 21651a6e4c8ac21b1989c5847c04e96fd6c8b333 Mon Sep 17 00:00:00 2001
From: Peter Wu
Date: Sat, 17 Sep 2016 19:13:23 +0200
Subject: openssl-connect: fix support for more PSK ciphers

Match also stuff like DHE-PSK-AES128-CCM8. Improve error message if cipher is not accepted by OpenSSL.
---
 openssl-connect | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/openssl-connect b/openssl-connect
index f4def7f..9d865fc 100755
--- a/openssl-connect
+++ b/openssl-connect
@@ -61,6 +61,10 @@ s_client_client_random() {
 fflush();
 }

+ # if the cipher is unknown, or the security level is too low (see
+ # SSL_get_security_level in OpenSSL 1.1.0), then this message is reported.
+ /no ciphers available/ { invalid_cipher = 1 }
+
 END {
 for (rnd in queued) {
 print "# No master key for random", rnd
@@ -70,6 +74,8 @@ s_client_client_random() {
 if (!has_random) {
 if (key)
 print "# No random found for key", key
+ else if (invalid_cipher)
+ print "# Cipher is invalid or its security level is too low"
 else
 print "# No random nor key found"
 }
@@ -102,7 +108,7 @@ while read cipher; do
 port=$((portbase+2)) ;;
 *-DSS-*)
 port=$((portbase+3)) ;;
- PSK-*)
+ PSK-*|*-PSK-*)
 opts+=(-psk "$PSK")
 port=$portbase ;;
 *-RSA-*|*) # assume RSA (includes name like RC4-SHA)
--
cgit v1.2.1
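Review bot: The new `/no ciphers available/` rule in the first hunk can only set `invalid_cipher` if s_client's error output actually reaches this awk program, and the redirection that would merge stderr into the pipe is not visible in the hunk; if only stdout is piped, the `else if (invalid_cipher)` branch added in the second hunk never fires. The rule is also a substring match on OpenSSL's error wording, and OpenSSL has a separate "no cipher match" error for a cipher string that selects nothing, so the comment's "cipher is unknown" case may not always arrive with this text; this is worth confirming against the OpenSSL versions the script is run with. I would extend the comment to record the dependency, e.g. `# matched on s_client's error output; requires stderr to be part of awk's input`. The awk program and s_client_client_random() both start and end outside these hunks.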
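Review bot: The widened `PSK-*|*-PSK-*)` arm in the third hunk depends on its position in the `case`: it has to stay above the `*-RSA-*|*` catch-all so that names such as RSA-PSK-… still get `-psk "$PSK"`, and it only wins when no earlier arm matches the same name. The arms above `*-DSS-*` are outside the hunk, so whether an earlier pattern would shadow a name like ECDHE-PSK-… cannot be checked from here. A one-line comment would make the ordering explicit: `# PSK must be tested before the RSA fallback; also covers DHE-PSK-*, ECDHE-PSK-*, RSA-PSK-*`. The `case` statement and the `while read cipher` loop start and end outside the hunk.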